SHA256: 6adecfaec434b41ecce9911f00b48e4e8ae6e3e8b9081d59e1b46480e9f7dbfc
File name: img.jpg
Detection ratio: 4 / 56
Analysis date: 2016-04-04 17:24:54 UTC ( 1 year, 8 months ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20160404
Qihoo-360 HEUR/QVM05.1.0000.Malware.Gen 20160404
Symantec Suspicious.Cloud.5 20160331
TotalDefense Win32/Inject.C!generic 20160404
Ad-Aware 20160404
AegisLab 20160404
AhnLab-V3 20160404
Alibaba 20160401
ALYac 20160404
Antiy-AVL 20160404
Arcabit 20160404
Avast 20160404
AVG 20160404
AVware 20160404
Baidu 20160404
Baidu-International 20160404
BitDefender 20160404
Bkav 20160404
CAT-QuickHeal 20160404
ClamAV 20160402
CMC 20160404
Comodo 20160404
Cyren 20160404
DrWeb 20160404
Emsisoft 20160404
ESET-NOD32 20160404
F-Prot 20160404
F-Secure 20160404
Fortinet 20160404
GData 20160404
Ikarus 20160404
Jiangmin 20160404
K7AntiVirus 20160404
K7GW 20160404
Kaspersky 20160404
Kingsoft 20160404
Malwarebytes 20160404
McAfee 20160404
Microsoft 20160404
eScan 20160404
NANO-Antivirus 20160404
nProtect 20160404
Panda 20160404
Rising 20160404
Sophos AV 20160404
SUPERAntiSpyware 20160404
Tencent 20160404
TheHacker 20160403
TrendMicro 20160404
TrendMicro-HouseCall 20160404
VBA32 20160404
VIPRE 20160404
ViRobot 20160404
Yandex 20160316
Zillya 20160404
Zoner 20160404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-04 16:51:19
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
GetLastError
HeapFree
WideCharToMultiByte
GetCurrentProcessId
GetModuleHandleA
HeapCreate
DeleteFileA
CreateFileA
WriteFile
HeapDestroy
ExitProcess
CloseHandle
MultiByteToWideChar
VirtualProtect
HeapAlloc
GetCurrentThreadId
HeapReAlloc
MoveFileExA
MoveFileExW
strncmp
malloc
realloc
memset
fclose
_stricmp
_setmode
strtoul
_fstat
fopen
strlen
clearerr
_errno
fwrite
fseek
qsort
_creat
mktime
ftell
_strdup
sprintf
putc
_fileno
strrchr
_wmktemp
_close
_mktemp
fread
_fdopen
ferror
free
_wcreat
_wfopen
memcpy
_stat
_snprintf
remove
time
localtime
strcmp
memchr
CoInitialize
GetWindowThreadProcessId
GetWindowLongA
GetForegroundWindow
EnableWindow
IsWindowVisible
EnumWindows
MessageBoxA
IsWindowEnabled
SetWindowPos
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:04:04 17:51:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 68096
LinkerVersion 2.5
EntryPoint 0x1000
InitializedDataSize 60416
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 8d4b774ebebe3612cc4f930abb20a92c
SHA1 1d468c777ad3cc7940c973beebcbf237722f1a3f
SHA256 6adecfaec434b41ecce9911f00b48e4e8ae6e3e8b9081d59e1b46480e9f7dbfc
ssdeep 3072:xb6lnvp9s7I+V9mCvBSCFZmpTBfReku+VpuwDztOwlEi:tuGzmCFspTBJjrBvtOfi

authentihash 953e564b086fddbbcc2883c0deb97c32defd9b33bdb3252c630ad39aee3d954b
imphash 9e1dde2f9ebd4f9f76708119d5684a6f
File size 125.5 KB ( 128512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2016-04-04 17:24:54 UTC ( 1 year, 8 months ago )
Last submission 2016-04-06 19:02:19 UTC ( 1 year, 8 months ago )
File names img.jpg
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0405.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications